O'Reilly logo

Security Development Lifecycle by Steve Lipner, Michael Howard

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 21. SDL-Required Tools and Compiler Options

In this chapter:

This chapter outlines the SDL-mandated security-related tools to be used during the development and testing processes. We focus on tools that are publicly available from Microsoft developer Web sites (such as MSDN) and Microsoft Visual Studio 2005.

Required Tools

At a minimum, the following tools are required during the development process:

  • PREfast (Microsoft 2005)

  • FxCop (GotDotNet 2006a)

  • Application Verifier (Microsoft 2003)

  • Minimum compiler and build tool versions

Let’s look at each tool in more detail.

PREfast

A product of Microsoft Research, PREfast is a static analysis tool used to detect coding defects in C and C++ code. A subset of these defects is security bugs. PREfast ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required